Re: Stop IPv6 Google traffic

[Owen DeLong <owen () delong com>]

> On Apr 11, 2016, at 14:03 , Rubens Kuhl <rubensk () gmail com> wrote:
>
> On Mon, Apr 11, 2016 at 5:56 PM, Ricky Beam <jfbeam () gmail com> wrote:
>
> > On Sun, 10 Apr 2016 20:09:04 -0400, Rubens Kuhl <rubensk () gmail com> wrote:
> >
> > > If your users are seeing captchas, one or a few or them are likely to be
> > > infected to the point of generating too much requests to Google.
> >
> > If that were the case, they'd be seeing the same via IPv4. And apparently,
> > they aren't.
>
> Nope. If you have both A and AAAA IP addresses in DNS responses and have
> both IPv4 and IPv6 connectivity, IPv6 will be preferred, with even a bit of
> latency handicap favoring IPv6 in current Happy Eyeballs implementations.
> Remember that the symptom is not unresponsive website, but an answer with
> an inconvenience (the captcha), so the browser and the network stack won't
> deem it as IPv6 load failure.

Also, incorrect or non-existant PTR records are much more common in IPv6
than in IPv4, so that could also account for some difference in behavior.

Most res.ISPs, for example, synthesize PTR responses for their IPv4
addresses such as:

240.59.103.76.in-addr.arpa. 7200 IN     PTR     c-76-103-59-240.hsd1.ca.comcast.net.

vs.

; <<>> DiG 9.8.3-P1 <<>> -x 2601:1c1:1234:5678:b834:f36d:2bb9:285
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 48639
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;5.8.2.0.9.b.b.2.d.6.3.f.4.3.8.b.8.7.6.5.4.3.2.1.1.c.1.0.1.0.6.2.ip6.arpa. IN PTR

;; AUTHORITY SECTION:
0.1.0.6.2.ip6.arpa.     3600    IN      SOA     dns101.comcast.net. dnsmaster.comcastonline.com. 2014093006 7200 300 
604800 3600

;; Query time: 128 msec
;; SERVER: 172.22.186.6#53(172.22.186.6)
;; WHEN: Mon Apr 11 14:43:53 2016
;; MSG SIZE  rcvd: 171

for example.

Owen